

import hashlib
import hmac
import time
from flask import request

from configs import app_config

ALLOWED_CLOCK_SKEW = 5 
def get_hmac_header()->dict:
    timestamp = str(int(time.time()))
    signature = hmac.new(app_config.SECRET_KEY.encode(), timestamp.encode(), hashlib.sha256).hexdigest()
    headers={
    "X-Timestamp": timestamp,
    "X-Signature": signature
    }
    return headers
    

def verify_hmac_header()->bool:
    timestamp = request.headers.get("X-Timestamp")
    signature = request.headers.get("X-Signature")

    if not timestamp or not signature:
        return False#jsonify({"error": "Missing signature headers"}), 401

    
    if abs(int(timestamp) - time.time()) > ALLOWED_CLOCK_SKEW:
        return False#jsonify({"error": "Timestamp invalid"}), 401

    expected_signature = hmac.new(app_config.SECRET_KEY.encode(), timestamp.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_signature, signature):
        return False#jsonify({"error": "Invalid signature"}), 401
    return True